-
Notifications
You must be signed in to change notification settings - Fork 721
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problem with SNI support #133
Comments
Hi, I fear that adding another "host" argument to connection and/or TLS setup might confuse user. Before supporting this feature, is it really needed to be supported by the paho library ? In your example why don't you connect to "myservice", probably adding "myservice" to your /etc/hosts ? |
Hi, |
I don't see where in production it could be useful, since in production you should have a DNS name matching your certificate name. It seems to be useful only during development if your don't have a correct DNS name. Having different handling during development and production should be avoided, and this one could be avoided by added the DNS name in your /etc/hosts. Why can't you update your /etc/hosts in your case ? |
@PierreF you are absolutely right ... it's only a problem on developing side ;) |
I believe this issue is fixed. Feel free to reopen if the issue persist. |
I'm trying to use the SSLContext support from the "develop" branch for SNI support.
What I see is that the "host" specified in the connect() method is also used as server_hostname during socket wrapping :
self._ssl_context.wrap_socket(sock, server_hostname=self._host)
it means that it's impossible with this implementation opening a socket versus an hostname (i.e. "localhost") but providing a different SNI (i.e. "myservice") during TLS handshake.
The text was updated successfully, but these errors were encountered: